Web Hosting Company Domainfactory Hacked - Sensitive Personal Data Leaked

Web hosting company Domainfactory owned support forum has been compromised and hackers leaked personal sensitive data by breaking the customer database.

A stranger who have shared internal data of several customers as a proof and confirmed the data belonged to Domainfactory.

Domainfactory is a German hosting company which is owned by GoDaddy since 2016 and this breach Officially confirmed On 6 July.

The organization initially learned of the episode on 3 July. As indicated by the data that is right now accessible, the information arrived in the hands of outer outsiders on 29 January 2018 through an information feed after a system transaction.

According to the company, On July 3, 2018, a person in the DomainFactory forum claimed access to DomainFactory customer data. We initiated a detailed investigation and found that customer data was accessed by an outside party without authorization. The access route is now secured. We contact all customers with the recommendation to update their DomainFactory passwords.

Domainfactory finally confirmed that, leaked customer data including the following sensitive data.

– Customer name
– Company name
– Customer number
– Address
– E-mail addresses – Phone
number
– DomainFactory Phone password
– Date of birth
– Bank name and account number (eg IBAN or BIC)
– Schufa score Please

Journalist Fabian Scherschel also posted on Twitter, that he was also watching a Twitter thread “in which Lauter #Domainfactory customers ask a hacker about their data because DF does not respond to their requests” (all before Domainfactory’s disclosure).

Ich sitze hier in nem Twitter-Thread in dem lauter #Domainfactory-Kunden einen Hacker nach ihren Daten fragen, weil DF nicht auf ihre Anfragen reagiert. Ist das jetzt schon #PostDSGVO? 😅
Hintergrund: https://t.co/8T0Oh6GHQ9
— Fabian A. Scherschel (@fabsh) July 7, 2018

In our vital Customer Information discharge dated July 7, 2018, we have demonstrated that we as of now removal of all passwords as a prudent measure. As an outcome, we have gotten more request about which gets to ought to be changed precisely. Instructions for changing your passwords can be found here: https://www.df.eu/blog/pw/

– customer password
– phone password
– E-mail passwords
– FTP / Live disk passwords
– SSH passwords
– MySQL database passwords

Also company Said, We have notified the data protection authority and commissioned external experts with the investigation. The protection of the data of our customers is paramount and we regret the inconvenience this incident causes, very much.”